<input type="text" name="designation" value=<%=request.getParameter("designation")%> ></input>

In this JSP, I've sent request parameters from another JSP page via JavaScript using the window.location.replace() function.

I want to display that request parameter in this jsp page in a text-box.

But it's showing only a part of the string, up to the first white-space. The remaining string gets trimmed.

What might be the cause of this problem?

E.g. if designation="software engineer" then it displays only "software" in the text box, and not the " " (space) and "engineer".

Thor Aniket

1 Answer

You need to surround the attribute value with quotes.

<input type="text" name="designation" value="<%=request.getParameter("designation")%>">

Otherwise the space will just be interpreted as an HTML element attribute separator, and the next word then becomes another HTML element attribute.


Unrelated to the concrete problem, if you use this approach throughout your JSPs, also for redisplaying user-controlled data from DBs, then you have an XSS attack hole. Make sure that you HTML-escape them properly. See also XSS prevention in JSP/Servlet web application.

BalusC
  • Thank you for your reply. Oh, now I'm getting values correctly with spaces too. I didn't know to include them in double quotes. That's great. Thanks a lot! – Thor Aniket May 03 '12 at 11:18
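
The two points in the answer above (quote the attribute value, then HTML-escape it), shown as an added example that is not part of the original question or answer. The class, the `escapeHtml` helper, the simplified `attributes` tokenizer and both sample values are assumptions constructed for illustration; the tokenizer only approximates how a browser splits attributes.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class AttributeQuotingDemo {
    // Hypothetical helper: escape characters that could end a quoted attribute value or start markup.
    static String escapeHtml(String s) {
        if (s == null) return "";
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Simplified tokenizer (not a full HTML parser): splits the attributes of one
    // start tag into name/value pairs, honouring double-quoted and unquoted values.
    static Map<String, String> attributes(String tag) {
        Map<String, String> attrs = new LinkedHashMap<>();
        String body = tag.substring(tag.indexOf(' ') + 1, tag.lastIndexOf('>'));
        int i = 0, n = body.length();
        while (i < n) {
            while (i < n && body.charAt(i) == ' ') i++;   // skip separators
            int start = i;
            while (i < n && body.charAt(i) != '=' && body.charAt(i) != ' ') i++;
            String name = body.substring(start, i), value = "";
            if (i < n && body.charAt(i) == '=') {
                i++;
                boolean quoted = i < n && body.charAt(i) == '"';
                if (quoted) i++;
                start = i;
                while (i < n && body.charAt(i) != (quoted ? '"' : ' ')) i++;
                value = body.substring(start, i);
                if (quoted && i < n) i++;                 // skip the closing quote
            }
            if (!name.isEmpty()) attrs.put(name, value);
        }
        return attrs;
    }

    // Renders the input element from the question, with or without quotes around the value.
    static String render(String value, boolean quote) {
        String q = quote ? "\"" : "";
        return "<input type=\"text\" name=\"designation\" value=" + q + value + q + ">";
    }

    public static void main(String[] args) {
        String plain = "software engineer";    // constructed sample, the value from the question
        String tricky = "lead \"dev\" <R&D>";  // constructed sample containing a quote and markup characters
        System.out.println(attributes(render(plain, false)));             // unquoted: the case from the question
        System.out.println(attributes(render(plain, true)));              // quoted: the fix from the answer
        System.out.println(attributes(render(tricky, true)));             // quoted but not escaped
        System.out.println(attributes(render(escapeHtml(tricky), true))); // quoted and escaped
    }
}
```

In a real JSP, use the escaping your stack already provides, such as JSTL's `fn:escapeXml`, rather than a hand-written helper; the browser decodes the entities back to the original text when it displays the value.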